It is a very general question and doing a google search for rootkits backdoor trojan might send you in the right direction. Metasploit could be a good resource but you need to know how to work your way through it. Also what type of rootkit? Master boot record? The rootkit is typically used for persistence as it tends to sit below where traditional AV looks. It will continue to replace live malware if someone removes it and reboots the device. There are other uses for rootkits but they depend on what the attacker wants to accomplish. The key to backdoors is the ability for the attacker to continually connect. So lots to consider.

Well the last "backdoor" that I removed from a server was actually pretty simple. It was a batch file that had a hidden name and a hidden file extension. It was pretty invisible to casual searching. It was set as a log on script. Basically it referenced copies of some of the windows utilities that were renamed and located in system32\drivers\etc.